Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2025-32921

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Path Traversal

  • 4.1

    MEDIUM
    CVE-2024-30148

    Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-44135

    A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 6.5

    MEDIUM
    CVE-2025-44134

    A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks.... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Injection

  • 4.8

    MEDIUM
    CVE-2025-29568

    A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting ... Read more

    • Published: Apr. 24, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.7

    HIGH
    CVE-2025-43855

    tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. Th... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 5.5

    MEDIUM
    CVE-2025-30409

    Denial of service due to allocation of resources without limits. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904.... Read more

    Affected Products : cyber_protect_cloud_agent
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Denial of Service

  • 6.7

    MEDIUM
    CVE-2025-30408

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization

  • 6.8

    MEDIUM
    CVE-2025-46421

    A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that iss... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Authorization

  • 6.5

    MEDIUM
    CVE-2025-46420

    A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.... Read more

    • Published: Apr. 24, 2025
    • Modified: Jul. 28, 2025
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-27820

    A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release... Read more

    Affected Products : httpclient ontap_tools
    • Published: Apr. 24, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Misconfiguration

  • 7.2

    HIGH
    CVE-2025-3872

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high privileges is able to become administrator by intercepti... Read more

    Affected Products : centreon
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2021-47664

    Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 8.1

    HIGH
    CVE-2021-47663

    Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 7.5

    HIGH
    CVE-2021-47662

    Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 6.4

    MEDIUM
    CVE-2025-3832

    The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘successredirect’ parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more

    Affected Products : fusedesk
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.2

    MEDIUM
    CVE-2025-3793

    The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all ver... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 8.3

    HIGH
    CVE-2025-3776

    The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that ca... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 8.8

    HIGH
    CVE-2025-3607

    The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a... Read more

    Affected Products :
    • Published: Apr. 24, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authentication

  • 9.8

    CRITICAL
    CVE-2025-3604

    The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. ... Read more

    Affected Products : flynax_bridge
    • Published: Apr. 24, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authentication
Showing 20 of 293609 Results